From 3051d8a299f46cfbf2a7d2a5ad8a33c96f514f0e Mon Sep 17 00:00:00 2001
From: Salt
Date: Sun, 1 Aug 2021 21:35:41 -0500
Subject: [PATCH] Provision (read: move) Netbox to desu.ltd

---
inventory/group_vars/all.yml | 39 ++++++++++++----
playbooks/db.yml | 6 ++-
playbooks/web.yml | 89 ++++++++++++++++++++++++++++++++++++
3 files changed, 124 insertions(+), 10 deletions(-)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 65c022b..09f5c57 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -110,6 +110,36 @@ gitea_internal_token: !vault |
 62633234313261363537663061373931303832653531356566633739636264666635653936313965
 623964653936646334313864643030653763
 
+# For Netbox
+secret_netbox_user_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33313861366430643638383666653432393466663032613962356266316238376239623438393830
+ 6431643833363963626238306563643431383630613565660a363464313837663231396566636535
+ 66313164663537313661653763623931623562626635616165636330303231363033656234323765
+ 3535386162393564370a623061383831376666656633666537653565393138653134313263646332
+ 39356261623833396166623364346639323863633832333735646366373734613163
+secret_netbox_api_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63313937383737376131326534303963396162396366313635643639303264613763613039656636
+ 3661383139366639303864323662613465663562656134390a356663613732643037363631376135
+ 31643765333238386566313766313466353931616161343933643366343131616433363538336237
+ 3837323762623761630a636231376364333563306366623136633238326436653764353632366562
+ 63626364306239373436396464666532396538373664646333656361363662326366
+secret_netbox_db_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33333232623431393930626435313138643963663731336530663066633563666439383936316538
+ 6337376232613937303635386235346561326134616265300a326266373834303137623439366438
+ 33616365353663633434653463643964613231343335326234343331396137363439666138376332
+ 3564356231336230630a336639656337353538633931623536303430363836386137646563613338
+ 66326661313064306162363265303636333765383736336231346136383763613131
+secret_netbox_secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 35313764653130613764383638323462643036363035366239633239393738363262323137393433
+ 3761386334383762633732306666633133306363396637350a323437666533653433303533343663
+ 39386237333335333463656363373535323432333937356564653433353163316635393733303936
+ 3061313335366664370a393331623633336539303065353161386132346430313931353965313538
+ 66653265336462313337353264666661323563333964633331633365623431386133
+
 # For Nextcloud
 secret_nextcloud_9iron_db_pass: !vault |
 $ANSIBLE_VAULT;1.1;AES256
@@ -134,15 +164,6 @@ secret_nextcloud_admin_pass: !vault |
 3534643731333331320a393462323264666135666134336536633639613065363339333131653433
 37653732313664356330356139646336353735613336326563366361383737653538
 
-# For OnlyOffice
-secret_onlyoffice_9iron_db_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 31326366346266353162303566646632376434373966663533353737626539366662306163346562
- 3934666237323331303063636561613531613431303237360a323335333764356335326665626665
- 30396236656537626531616532353839303535336534303934316237343338336536323135653865
- 3036393663396633380a366461613536616264613237626164373631353137643963663830393833
- 34326639343831346333333461663634333434633136646163326634653439623138
-
 # For Peertube
 secret_peertube_db_pass: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/playbooks/db.yml b/playbooks/db.yml
index eafbbbd..e20ec40 100755
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@@ -17,7 +17,7 @@
 - option: listen_addresses
 value: 192.168.164.156
 postgresql_hba_entries:
- - { type: local, database: all, user: postgres, auth_method: peer }
+ - { type: local, database: all, user: postgres, auth_method: trust }
 - { type: local, database: all, user: all, auth_method: md5 }
 - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
 - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
@@ -28,6 +28,8 @@
 password: "{{ secret_gitea_db_pass }}"
 - name: gulagbot-desultd
 password: "{{ secret_gulagbot_db_pass }}"
+ - name: netbox-desultd
+ password: "{{ secret_netbox_db_pass }}"
 - name: nextcloud-desultd
 password: "{{ secret_nextcloud_db_pass }}"
 - name: peertube-cowfee
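Review bot: The pg_hba change from `peer` to `trust` on the local `postgres` entry in playbooks/db.yml removes authentication for the database superuser over the Unix socket: with `trust`, any OS account on the host that can reach the socket can connect as `postgres` without a password, whereas `peer` ties the connection to the matching OS user. Nothing in the Netbox provisioning visible in this commit appears to depend on it, so the line should stay `- { type: local, database: all, user: postgres, auth_method: peer }`; if a task genuinely needs passwordless superuser access, run it as the `postgres` OS user via `become_user` rather than widening the HBA rule. The `postgresql_hba_entries` list continues outside this hunk.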
@@ -39,6 +41,8 @@
 owner: gitea-desultd
 - name: gulagbot-desultd
 owner: gulagbot-desultd
+ - name: netbox-desultd
+ owner: netbox-desultd
 - name: nextcloud-desultd
 owner: nextcloud-desultd
 - name: pleroma_cowfee
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 7a1b300..90be458 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -225,3 +225,92 @@
 tags: [ motd ]
 - role: docker
 tags: [ web, docker, skip-pull ]
+- hosts: web3.desu.ltd
+ module_defaults:
+ docker_container:
+ state: started
+ restart_policy: unless-stopped
+ pull: yes
+ tasks:
+ - name: ensure docker network
+ docker_network: name=web
+ tags: [ docker ]
+ - name: ensure docker nginx config
+ copy:
+ dest: /data/nginx-certbot/user_conf.d/vhosts.conf
+ mode: "0750"
+ content: |
+ server {
+ listen 443 ssl default_server;
+ server_name netbox.desu.ltd;
+ ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
+ ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://netbox:8080;
+ }
+ }
+ tags: [ docker, ingress ]
+ - name: docker deploy redis
+ docker_container:
+ name: redis
+ image: redis:6-alpine
+ networks:
+ - name: web
+ aliases: [ "redis" ]
+ tags: [ docker, redis ]
+ - name: docker deploy netbox
+ docker_container:
+ name: netbox
+ image: netboxcommunity/netbox:latest
+ env:
+ SUPERUSER_EMAIL: rehashedsalt@cock.li
+ SUPERUSER_PASSWORD: "{{ secret_netbox_user_pass }}"
+ SUPERUSER_API_TOKEN: "{{ secret_netbox_api_token }}"
+ SECRET_KEY: "{{ secret_netbox_secret_key }}"
+ ALLOWED_HOST: netbox.desu.ltd
+ DB_HOST: 192.168.164.156
+ DB_NAME: netbox-desultd
+ DB_USER: netbox-desultd
+ DB_PASSWORD: "{{ secret_netbox_db_pass }}"
+ REDIS_HOST: redis
+ REDIS_PORT: "6379"
+ networks:
+ - name: web
+ aliases: [ "netbox" ]
+ volumes:
+ - /data/netbox/config:/config
+ tags: [ docker, netbox ]
+ - name: docker deploy nginx proxy
+ docker_container:
+ name: ingress
+ image: jonasal/nginx-certbot:2.2.0
+ env:
+ TZ: "America/Chicago"
+ CERTBOT_EMAIL: rehashedsalt@cock.li
+ networks:
+ - name: web
+ aliases: [ "ingress" ]
+ ports:
+ - "443:443"
+ - "80:80"
+ volumes:
+ - /data/nginx-certbot/letsencrypt:/etc/letsencrypt
+ - /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro
+ tags: [ docker, ingress ]
+ roles:
+ - role: backup
+ vars:
+ backup_s3backup_list_extra:
+ - /data
+ tags: [ backup ]
+ - role: motd
+ vars:
+ motd_watch_services_extra:
+ - docker
+ tags: [ motd ]
+ - role: docker
+ tags: [ web, docker, skip-pull ]
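Review bot: `ALLOWED_HOST: netbox.desu.ltd` in the netbox container's `env` looks misnamed: the netboxcommunity image's configuration reads `ALLOWED_HOSTS` (plural), so as written the value is probably ignored and the image default applies, which would leave Django's Host-header check effectively open; please confirm against the image's configuration and change it to `ALLOWED_HOSTS: netbox.desu.ltd`. `image: netboxcommunity/netbox:latest` combined with `pull: yes` in `module_defaults` means any playbook run can silently move the instance to a new major release and run its migrations, while redis (`6-alpine`) and nginx-certbot (`2.2.0`) are pinned — pin Netbox the same way. `pull: yes` is a YAML 1.1 truthy; write `pull: true`. Redis is started without authentication on the same `web` network as the internet-facing ingress container; a second Docker network shared only by redis and netbox, or a Redis password, would keep it off the ingress path.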